diff mbox series

[meta-multimedia,kirkstone,01/14] libde265: patch CVE-2022-1253

Message ID 20251128201845.2578315-1-skandigraun@gmail.com
State New
Headers show
Series [meta-multimedia,kirkstone,01/14] libde265: patch CVE-2022-1253 | expand

Commit Message

Gyorgy Sarvari Nov. 28, 2025, 8:18 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-1253

Pick the patch from the nvd report.

The patch is only partially backported, because part of the vulnerable
code was introuced only in a later version.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../libde265/libde265/CVE-2022-1253.patch     | 34 +++++++++++++++++++
 .../libde265/libde265_1.0.5.bb                |  4 ++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch
diff mbox series

Patch

diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch
new file mode 100644
index 0000000000..57c86101fe
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2022-1253.patch
@@ -0,0 +1,34 @@ 
+From 4dcc28a63e12a6cc8b99bc8e96c5c764fc7a8f1d Mon Sep 17 00:00:00 2001
+From: Dirk Farin <dirk.farin@gmail.com>
+Date: Tue, 5 Apr 2022 09:52:57 +0200
+Subject: [PATCH] error on out-of-range cpb_cnt_minus1 (oss-fuzz issue 27590)
+
+CVE: CVE-2022-1253
+Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8]
+
+This is a partial backport of the linked commit. The vulnerability impacted
+two parts of the code, however one part, which deals with HRD parameters
+was only introduced in a later version (1.0.8), and is not present in
+the Kirkstone version yet (1.0.5).
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libde265/sps.cc | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libde265/sps.cc b/libde265/sps.cc
+index 476cdbb..37bde7b 100644
+--- a/libde265/sps.cc
++++ b/libde265/sps.cc
+@@ -425,7 +425,10 @@ de265_error seq_parameter_set::read(error_queue* errqueue, bitreader* br)
+ 
+   vui_parameters_present_flag = get_bits(br,1);
+   if (vui_parameters_present_flag) {
+-    vui.read(errqueue, br, this);
++    de265_error err = vui.read(errqueue, br, this);
++    if (err) {
++      return err;
++    }
+   }
+ 
+ 
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb
index d0ecd04f16..a9d5523bb5 100644
--- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.5.bb
@@ -8,7 +8,9 @@  LICENSE = "LGPL-3.0-only & MIT"
 LICENSE_FLAGS = "commercial"
 LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"
 
-SRC_URI = "https://github.com/strukturag/libde265/releases/download/v${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI = "https://github.com/strukturag/libde265/releases/download/v${PV}/${BPN}-${PV}.tar.gz \
+           file://CVE-2022-1253.patch \
+           "
 SRC_URI[sha256sum] = "e3f277d8903408615a5cc34718b391b83c97c646faea4f41da93bac5ee08a87f"
 
 EXTRA_OECONF = "--disable-sherlock265 --disable-dec265"